NewKerala.com

NHRC Cracks Down on AI, EdTech Giants Over Child Data Safety Violations

The National Human Rights Commission has issued notices to key government ministries over alleged violations of the Digital Personal Data Protection Act by major AI, social media, and EdTech platforms. The action stems from a report highlighting the absence of mechanisms to track children's data transfers and inadequate grievance redressal systems. The Commission has specifically sought clarification from the Ministry of Communications on SIM card registration for minors. It has directed all concerned entities, including platforms like Meta and WhatsApp, to submit detailed compliance reports within 15 days.

Key Points: NHRC Notices for DPDP Act Violations by Tech Platforms

  • NHRC acts on DPDP Act violations
  • Focus on child data tracking & grievance systems
  • Notices to MeitY, Education, Communications ministries
  • Major platforms like Meta, WhatsApp, Khan Academy cited
  • Compliance reports demanded in 15 days
2 min read

NHRC issues notices over alleged DPDP Act violations by AI, social media, EdTech platforms

NHRC issues notices over child data protection lapses by AI, social media, and EdTech firms. Key ministries must respond within 15 days.

"such lapses could pose significant risks to children's digital safety - National Human Rights Commission"

New Delhi, March 25

The National Human Rights Commission has taken cognisance of alleged violations of the Digital Personal Data Protection Act, particularly regarding the absence of mechanisms to track children's data transfers and inadequate grievance redressal systems across major digital platforms.

A bench led by NHRC member Priyank Kanoongo initiated action following a complaint based on a report by think tank ASIA.

The Commission has issued notices to key government bodies, including the Union Ministry of Electronics and Information Technology (MeitY), the Ministry of Education, and the Ministry of Communications. Copies of the notices have also been forwarded to the Ministry of Home Affairs.

The Commission has sought clarification from the Ministry of Communications on the process of providing SIM connections to children for Internet and mobile usage. Officials noted that there is a lack of clear information regarding the registration of SIM cards in the names of minors in India, raising concerns about regulatory gaps.

The DPDP Act, enacted in 2023 and operationalised through rules notified in late 2025, is regarded as a significant step in strengthening India's data protection framework. The law aims to safeguard vulnerable groups, including children, women, and the elderly, from potential cyber risks and misuse of personal data.

While certain provisions, such as obtaining verifiable parental consent, have been given an 18-month compliance window, several key requirements, including data tracking systems, server security, and effective grievance redressal mechanisms, are mandated for immediate implementation.

According to the report, several major platforms, including Meta Platforms, Khan Academy, WhatsApp, Grok, Gemini, Perplexity AI, and Microsoft Math Solver, have not yet fully complied with these provisions.

Expressing serious concern, the Commission stated that such lapses could pose significant risks to children's digital safety. It has directed all concerned entities to submit detailed compliance reports within 15 days.

The NHRC, a statutory and independent body tasked with protecting human rights in India, has powers comparable to those of a civil court, and its members enjoy a status equivalent to that of a Supreme Court judge.

The Commission also indicated that similar action may be taken in the future to ensure the protection of other vulnerable groups, including senior citizens.

- IANS

Share this article:

Reader Comments

R
Rohit P
About time! These big tech companies think they can operate in India with zero accountability. The SIM card point is crucial too - how are kids getting unlimited data without proper checks? The 15-day deadline is good, but hope the follow-up is strict.
A
Aditya G
While I support data protection, I hope this doesn't become another bureaucratic hurdle that stifles innovation in the EdTech sector, which has been a boon for students in smaller towns. The rules need to be practical for startups too, not just giants like Meta.
S
Sarah B
The inclusion of AI platforms like Gemini and Grok is important. Children are experimenting with these tools, and we have no idea what data is being used to train models on their queries. Parental consent is just the first step; transparency is needed.
K
Karthik V
Good move, but the government needs to look inwards as well. Many government school apps and portals are also not secure. Protection of children's data has to be a universal standard, whether it's a private EdTech company or a state-run digital initiative.
M
Meera T
Finally! The grievance redressal systems of most platforms are a joke. You report something and get an automated reply that never solves the issue. If the NHRC can force them to set up proper, responsive mechanisms, it will be a huge win for all users, not just children.

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50